What are the requirements for configuring a DLP ICAP service in VPM through Management Center, when using UPE to configure policy for WSS traffic?
Universal Policy Enforcement
- Web Security Service
- Management Center
- Local ProxySG (VPM)
Creating a DLP Scanning Service for UPE:
1.) Create an ICAP service on the ProxySG that is serving VPM to Management Center.
a.) Log into the Management GUI of the ProxySG (outside of management center).
b.) Navigate to: Configuration > Content Analysis > ICAP
c.) Click "New" and name the service: "SYMC_DLP" and click "OK"
d.) Edit the new ICAP service to reflect a service URL of "http://dlp.symc.com"
i.) note: this is a dummy URL and should be configured as it reads in the step above.
e.) Beforing saving the changes to the ICAP service, select "DLP" as the type, and ensure it is configured for "Request Modification" towards the bottom.
f.) Click "OK" and "Apply" the changes to the SG when the dialogue closes.
g.) Proceed to close the management console to the ProxySG, this is no longer needed.
2.) Login to Management Center, and launch the VPM editor for the respective WSS policy.
a.) Create a new "Web Access Layer"
i.) The name of the layer is not important to the functionality.
b.) Create a new rule, and click the action field and select "New"
c.) Find "Perform Request Analysis"
d.) In the name field type "SYMC_DLP_SERVICE"
e.) In the left-hand list, select "SYMC_DLP" and move that to the right-hand list by clicking "Add"
f.) Click "OK"
g.) Under the enforcement column, select "WSS"
h.) Save and deploy policy from Management Center.
Testing DLP and verifying via Enforce Server should reflect successful DLP scanning.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
This will clear the history and restart the chat.